Provide each client user with an S3 key pair for authenticating to the VAST Cluster S3 service. Key pairs can be created, removed, enabled and disabled via the VMS. A user can have up to two key pairs at any time.
As and when needed, grant special permissions to individual users. Special permissions include permission to create buckets, permission to delete buckets and S3 super user permissions to override ACLs in a bucket.
You can grant these permissions through the VAST Web UI or through the VAST CLI:
-
In the Users tab of the User Management page, display the user for which you want to generate a key pair:
You can query VMS for an existing user. This can be either any user whose attributes were already retrieved from external authorization providers through NFS or SMB RPCs. It can also be an existing local user.
You can create a new user on the local provider.
In the Actions column, click the
button for the user and then select Edit.
-
In the Update User dialog, click Create new key.
An access key is displayed with its status (enabled by default).
The secret key is displayed below it with a Copy key button:
-
Click Copy key to copy the secret key to your clipboard.
Important
The secret key for this pair will not be shown again, so keep the key carefully to pass it onto the user.
-
Optionally grant the user either or both of the special S3 permissions:
-
Click Update to update the user definition.
You can now provide the user with the access key and the secret key.
Display the user on the Users tab of the User Management page (see Querying Users).
-
In the Actions column, click the
button for the user and select Edit.
In the Update User dialog, the status of each of the user's key pairs is shown (enabled or disabled).
To enable a key pair, click
. To disable a key pair, click
.
-
Display the user on the Users tab of the User Management page (see Querying Users).
-
In the Actions column, click the
button for the user and select Edit.
In the Update User dialog, the access key of the key pair is listed.
Click the delete button (
) for the access key.
-
Click Yes to confirm the removal.
The key pair is removed.
To generate an S3 access key pair for a user, use the user generate-key command.
Special S3 permissions can be granted to individual S3 users. These include permission to create buckets, permission to delete buckets, and permission to override ACLs (S3 superuser permission). To grant or remove any of these permissions, use one of the following commands:
For a user that resides on an external provider, use user query.
For a user on the local provider, use user modify.
To enable or disable an S3 access key pair, use user modify-key.
To remove a user's S3 access key pair, use user remove-key.
Comments
0 comments
Article is closed for comments.